dgit.raspbian.org Git - python3.9.git/commit

author	Seth Michael Larson <seth@python.org>
	Fri, 31 Jan 2025 17:41:34 +0000 (11:41 -0600)
committer	Raspbian forward porter <root@raspbian.org>
	Sat, 24 Jan 2026 09:41:14 +0000 (09:41 +0000)
commit	c2b8404273041f1ea48ca1f8c1e8c52f99034d11
tree	82ac66e7a06845153c51c6dcd65fd34b3798608b	tree \| snapshot
parent	dbade4158e77c082e7632049cc85ffebd6d4738a	commit \| diff

[PATCH] gh-105704: Disallow square brackets (`[` and `]`) in domain names for parsed URLs (GH-129418)

* gh-105704: Disallow square brackets ( and ) in domain names for parsed URLs

* Use Sphinx references

Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
* Add mismatched bracket test cases, fix news format

* Add more test coverage for ports

---------

(cherry picked from commit d89a5f6a6e65511a5f6e0618c4c30a7aa5aba56a)

Co-authored-by: Seth Michael Larson <seth@python.org>
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
origin: https://github.com/python/cpython/commit/b1e8501473c59485a55452dda94270a61c9ce14d
bug-freexian-security: https://deb.freexian.com/extended-lts/tracker/CVE-2025-0938
bug: https://github.com/python/cpython/pull/129530

Gbp-Pq: Name CVE-2025-0938.patch

Lib/test/test_urlparse.py		diff \| blob \| history
Lib/urllib/parse.py		diff \| blob \| history
Misc/NEWS.d/next/Security/2025-01-28-14-08-03.gh-issue-105704.EnhHxu.rst	[new file with mode: 0644]	blob